Fabien Catteau wrote a very interesting post on the discussion board at Gemnasium regarding malicious gems. Fabien goes through a few example scenarios of gems that can exploit your system as soon as you install them, but he also explains how to fetch gems to check them out without installing them. While he admits paranoia isn’t exactly practical, he does offer some recommendations to make the Rubygems infrastructure more secure, for instance by not allowing gems to install native C extensions by default.
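As a small illustration of the "look before you install" advice, here is an added Ruby script that is not from Fabien's post or from RubyGems itself. `gem fetch NAME` downloads `NAME-VERSION.gem` into the current directory without installing it; the `inspect_gem` function below reads such a file's metadata and file list with the standard `Gem::Package` API and reports whether it declares native extensions (the `extconf.rb`-style build scripts that run code at install time). Because the example must run offline, `build_sample_gem` constructs a throwaway gem in a temp directory to stand in for a downloaded one; its name, version and file paths are made up for the example.

```ruby
require "rubygems"
require "rubygems/package"
require "tmpdir"
require "fileutils"

# Build a small gem file inside `dir` so the inspector below has something to
# read offline. The gem is constructed for this example; in practice you would
# run `gem fetch NAME` and point `inspect_gem` at the downloaded .gem file.
def build_sample_gem(dir, name:, extensions: [])
  Dir.chdir(dir) do
    files = ["lib/#{name}.rb"]
    FileUtils.mkdir_p("lib")
    File.write(files.first, "# placeholder library code\n")
    extensions.each do |ext|
      FileUtils.mkdir_p(File.dirname(ext))
      File.write(ext, "# build script that would run during `gem install`\n")
      files << ext
    end
    spec = Gem::Specification.new do |s|
      s.name       = name
      s.version    = "0.0.1"
      s.summary    = "constructed sample gem"
      s.authors    = ["example"]
      s.files      = files
      s.extensions = extensions
    end
    # skip_validation = true: we only need a readable package, not a publishable one
    File.join(dir, Gem::Package.build(spec, true))
  end
end

# Read the gem's metadata and file list without installing it and return what a
# reviewer would want to see before running `gem install`.
def inspect_gem(path)
  pkg  = Gem::Package.new(path)
  spec = pkg.spec
  {
    name:                 spec.name,
    version:              spec.version.to_s,
    extensions:           spec.extensions,        # build scripts executed at install time
    has_native_build:     !spec.extensions.empty?,
    files:                pkg.contents.sort,      # every file packed in data.tar.gz
    post_install_message: spec.post_install_message,
  }
end

if __FILE__ == $0
  Dir.mktmpdir do |dir|
    gem_path = build_sample_gem(dir, name: "sample_native",
                                     extensions: ["ext/sample_native/extconf.rb"])
    report = inspect_gem(gem_path)
    puts "#{report[:name]} #{report[:version]}"
    if report[:has_native_build]
      puts "native build step: YES, review #{report[:extensions].join(', ')} before installing"
    else
      puts "native build step: no"
    end
    report[:files].each { |f| puts "  #{f}" }
  end
end
```

Nothing here executes code from the gem: `Gem::Package` only unpacks metadata and lists the archive, which is the point of checking a package before `gem install` runs its extensions.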

On the Envy Labs blog, Carlos Souza talks about the surprising new behavior of ActiveRecord scopes in Rails 4. It’s possible to chain scopes in Rails, which means the scopes will be combined to create a specific query that satisfies all the conditions. To keep it simple, in the situation where you might have 2 scopes involving the same column, Rails used to play dumb and ignore the first condition altogether. In Rails 4, this behavior changes and the two conditions are combined with an “AND” SQL statement.
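To make the difference concrete, here is an added example that is not from Carlos's post and not ActiveRecord code: a tiny constructed stand-in for a relation whose `where` merges repeated conditions on the same column either the old way (last condition replaces the earlier one) or the new way (both kept and joined with AND). The scenario it models is the one that matters for access control: a scope that restricts rows to the current user, followed by a second `where` on the same column taken from a request parameter. Table and column names are assumptions for the example.

```ruby
# Constructed stand-in for an ActiveRecord relation. It models only one thing:
# how two chained `where` calls on the same column are merged. `:rails3`
# reproduces the old "last condition wins" behaviour described above,
# `:rails4` the new "keep both, join with AND" behaviour. Not Rails code.
class FakeRelation
  attr_reader :conditions

  def initialize(table, mode, conditions = [])
    @table, @mode, @conditions = table, mode, conditions
  end

  # Returns a new relation; the receiver is never mutated, as in ActiveRecord.
  def where(hash)
    merged = case @mode
             when :rails3 then @conditions.reject { |col, _| hash.key?(col) } + hash.to_a
             when :rails4 then @conditions + hash.to_a
             else raise ArgumentError, "unknown mode #{@mode.inspect}"
             end
    FakeRelation.new(@table, @mode, merged)
  end

  def to_sql
    return "SELECT * FROM #{@table}" if @conditions.empty?
    clauses = @conditions.map { |col, val| "#{col} = #{literal(val)}" }
    "SELECT * FROM #{@table} WHERE #{clauses.join(' AND ')}"
  end

  private

  # Quote strings the SQL way; numbers pass through unchanged.
  def literal(val)
    val.is_a?(String) ? "'#{val.gsub("'", "''")}'" : val.to_s
  end
end

# An ownership "scope" followed by a caller-supplied filter on the same column.
# Under the old merge the ownership restriction silently disappears; under the
# new one it is kept, so the query can only narrow, never widen.
def owner_scope_sql(mode, owner_id:, requested_id:)
  FakeRelation.new("posts", mode)
    .where(user_id: owner_id)       # e.g. Post.owned_by(current_user)
    .where(user_id: requested_id)   # e.g. .where(user_id: params[:user_id])
    .to_sql
end

if __FILE__ == $0
  puts "Rails 3 style: #{owner_scope_sql(:rails3, owner_id: 1, requested_id: 2)}"
  puts "Rails 4 style: #{owner_scope_sql(:rails4, owner_id: 1, requested_id: 2)}"
end
```

With owner 1 and requested id 2, the old-style merge produces `WHERE user_id = 2` (the ownership check is gone), while the new-style merge produces `WHERE user_id = 1 AND user_id = 2`, which returns nothing rather than another user's rows. Both results can surprise, but only the first one widens what a scope was meant to restrict.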

Lots of small businesses are using Stripe to process recurring or one-time payments, but simple integrations might not handle more advanced issues, such as expired credit cards, transaction timeouts, and custom reporting. Pete Keen is offering a new guide, called Mastering Modern Payments: Using Stripe with Rails, which will be released in August 2013. It teaches these advanced issues, and a lot more. You can subscribe to the mailing list for updates and a 10% off discount code when the guide is published.

Recently, we discovered a gem called Git Pairing. We pair a lot, and usually we have to choose whose GitHub account to commit from, or commit from the pairing station account. This gem is great because it allows you to set up multiple commit authors in your local git config so that you can share code authorship. It also allows you to toggle back to single-author mode and defaults to the system owner if no users are specified in the commit. Basically it’s awesome, and you should use it.
